<?PHP
// vim: set expandtab tabstop=4 shiftwidth=4:
// +----------------------------------------------------------------------+
// | SAPID: XML Sapiens Engine Demonstrator                               |
// +----------------------------------------------------------------------+
// | Author:  Max Baryshnikov aka Mephius <mb@rg.by>	                  |
// | Copyright (c) 2004 Max Baryshnikov                                   |
// | http://sapid.sourceforge.net	                                      |
// +----------------------------------------------------------------------+
// | This source file is free software; you can redistribute it and/or    |
// | modify it under the terms of the GNU Lesser General Public           |
// | License as published by the Free Software Foundation; either         |
// | version 2.1 of the License, or (at your option) any later version.   |
// |                                                                      |
// | This source file is distributed in the hope that it will be useful,  |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of       |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    |
// | Lesser General Public License for more details.                      |
// +----------------------------------------------------------------------+
// Release: 13.12.04 (dd/mm/yy)
// $Id: users.inc.php,v 1.4 2006/02/20 08:27:31 sheiko Exp $

if (!defined("SAPID_STARTED")) die("Hacking attempt!");
if($env["user"]["GROUP"]=="wheel"){
	$users = new sapi_vdb(ROOT_PATH . "usr/xml/users.xml");

	switch ($_GET["option"]){
		case "create_user":
		$data["row"]=$_POST;
		$data["post_action"]="ADDROW";
		$users->save_data_row(false, $data, false);
		$users = new sapi_vdb(ROOT_PATH . "usr/xml/users.xml");
		break;
		case "delete_user":
		$users->delete_data_row($_GET["key"]);
		$users = new sapi_vdb(ROOT_PATH . "usr/xml/users.xml");
		break;
		case "edit_user":
		$row=$_POST;
		unset($row["date_create"]);
		$users->change_data_row($_POST["date_create"], $row);
		$users = new sapi_vdb(ROOT_PATH . "usr/xml/users.xml");
		break;
	}


	$list=$users->get_data();

	$panel="
<script>
function edit(login, password, group, date_create, nologin, name, email){
	if(nologin)
	document.getElementById('nologin').checked=true; else
	document.getElementById('nologin').checked=false;
	
	document.getElementById('login').value=login;
	document.getElementById('password').value=password;
	document.getElementById('group').value=group;
	
	document.getElementById('name').value=name;
	document.getElementById('email').value=email;
		
	document.getElementById('date_create').value=date_create;
	document.getElementById('panel').style.display=\"block\";
	document.getElementById('div_title').innerHTML='".$lang["UserProperties"]."';
	document.getElementById('adduser').action=\"".$env["http_path"]."?option=edit_user\";
	return true;
}

function add(){
	document.getElementById('panel').style.display='block';
	document.getElementById('adduser').action='".$env["http_path"]."?option=create_user';
	document.getElementById('login').value='';
	document.getElementById('password').value='';
	document.getElementById('group').value='';
	
	document.getElementById('name').value='';
	document.getElementById('email').value='';
		
	document.getElementById('date_create').value='';
	document.getElementById('div_title').innerHTML='".$lang["CreateUser"]."';
	return true;
}

function start_track(){
	X = event.offsetX+event.x;
	Y = event.offsetY+event.y;
	drag=true;	
	return false;
}
function stop_track(){
	drag=false;
	return false;
}

function track(){
	if(drag) {
		document.all[\"panel\"].style.left = event.clientX-X/2 + document.body.scrollLeft;
		document.all[\"panel\"].style.top = event.clientY-Y/2 + document.body.scrollTop;
	}
	return true;
}

</script>
<div class=\"panel\" id=\"panel\" style=\"position: absolute; top: 45%; left: 10%; padding: 0px; margin: 0px; border: 1px solid Gray; background-color: #A2C3D8; display: none; width: 400px; height: 145px;\" ondragover=\"return false;\">
<div style=\"height: 30px; display: block; position: relative; margin: 0px; padding: 0px;\"><img id=\"header\" src=\"".$env["http_path"]."usr/system/images/x.gif\" width=\"380\" height=\"30\" border=\"0\" ondragstart=\"start_track()\" ondrag=\"window.event.returnValue=track()\" ondragend=\"stop_track();\" /></div>
<form method=\"post\" style=\"margin: 0px\" action=\"".$env["http_path"]."?option=create_user\" id=\"adduser\">
<table class=\"tpanel\" style=\"margin-top: -28px;\" cellpadding=0 cellspacing=0>
<tr>
<td class=\"header\" nowrap=\"nowrap\"><b id=\"div_title\">".$lang["CreateUser"].":</b></td>
<td class=\"header\" align=\"right\"><img src=\"".$env["http_path"]."usr/system/images/close.gif\" alt=\"Close\" onclick=\"document.getElementById('panel').style.display='none';\" hspace=\"8\" /></td>
</tr>
<tr>
	<td nowrap=\"nowrap\">".$lang["Login"].":</td><td><input id=\"login\" type=\"text\" name=\"login\"></td>
</tr>
<tr>
	<td nowrap=\"nowrap\">".$lang["Password"].":</td><td><input id=\"password\" type=\"password\" name=\"password\"></td>
</tr>
<tr>
	<td nowrap=\"nowrap\">".$lang["Group"].":</td><td><input id=\"group\" type=\"text\" name=\"group\"></td>
</tr>
<tr>
	<td nowrap=\"nowrap\">".$lang["Nologin"].":</td><td><input id=\"nologin\" type=\"checkbox\" name=\"nologin\"></td>
</tr>

<tr>
	<td nowrap=\"nowrap\">".$lang["FullName"].":</td><td><input id=\"name\" type=\"text\" name=\"name\"></td>
</tr>

<tr>
	<td nowrap=\"nowrap\">Email:</td><td><input id=\"email\" type=\"text\" name=\"email\"></td>
</tr>



<tr>
<td colspan=2 class=\"header\"><img src=\"".$env["http_path"]."usr/system/images/en/save_dark.gif\" onclick=\"document.getElementById('adduser').submit();\"/></td>
</tr>
</table>
<input type=\"hidden\" name=\"date_create\" id=\"date_create\" value=\"\" />
</form>
</div>

<div style=\"padding-left: 20px; padding-bottom: 10px;\">
			".$lang["UsersInterfaceDewscription"]."<br /><br />
			<input class=\"sapidcms_cont_btn\" type=\"button\" onclick=\"add();\" value=\"".$lang["CreateUser"]."\" /></div>
			</div><table class=\"tpanel\" cellspacing=0 cellpadding=0>
			<tr><td class=\"header\"><B>".$lang["Users"]."</B></td><td class=\"header\"><B>".$lang["Group"]."</B></td><td class=\"header\"><B>".$lang["Date_create"]."</B></td><td class=\"header\"><B>".$lang["Created_by"]."</B></td></tr>
			";
	$cnt=0;
	foreach ($list as $user) {
		if($user["NOLOGIN"]==false) {
			$panel.='<tr><td><a href="#" onclick="edit(\''.$user["LOGIN"].'\', \''.$user["PASSWORD"].'\', \''.$user["GROUP"].'\', \''.$user["DATE_CREATE"].'\', false, \''.$user["NAME"].'\', \''.$user["EMAIL"].'\'); return false;"><img src="'.$env["http_path"].'usr/system/images/edit.gif" alt="'.$lang["Edit"].'" width="12" hight="14" border="0" /></a>&nbsp;'.($user["LOGIN"]!=$_SESSION["user"]["LOGIN"]?'<a href="'.$env["http_path"].'?option=delete_user&key='.rawurldecode($user["DATE_CREATE"]).'" onClick="return confirm(\''.$lang["confirm_delete"].'\')"><img src="'.$env["http_path"].'usr/system/images/delete.gif" alt="'.$lang["Delete"].'" width="12" hight="14" border="0" /></a>&nbsp;':'<img src="'.$env["http_path"].'usr/system/images/x.gif" width="12" height="14" alt="" />&nbsp;').$user["LOGIN"].'</td><td>'.$user["GROUP"].'</td><td>'.$user["DATE_CREATE"].'</td><td>'.$user["IP"].'</td></tr>';
			$cnt++;
		}
	}
	if($cnt<count($list)){
		$panel.='<tr><td colspan="4" class="header"><b>'.$lang["NologinUsers"].'</b></td></tr>';
		foreach ($list as $user) {
			if($user["NOLOGIN"]!=false) $panel.='<tr><td><a href="#" onclick="edit(\''.$user["LOGIN"].'\', \''.$user["PASSWORD"].'\', \''.$user["GROUP"].'\', \''.$user["DATE_CREATE"].'\', true, \''.$user["NAME"].'\', \''.$user["EMAIL"].'\'); return false;"><img src="'.$env["http_path"].'usr/system/images/edit.gif" alt="'.$lang["Edit"].'" width="12" hight="14" border="0" /></a>&nbsp;'.($user["LOGIN"]!=$_SESSION["user"]["LOGIN"]?'<a href="'.$env["http_path"].'?option=delete_user&key='.rawurldecode($user["DATE_CREATE"]).'" onClick="return confirm(\''.$lang["confirm_delete"].'\')"><img src="'.$env["http_path"].'usr/system/images/delete.gif" alt="'.$lang["Delete"].'" width="12" hight="14" border="0" /></a>&nbsp;':'<img src="'.$env["http_path"].'usr/system/images/x.gif" width="12" height="14" alt="" />&nbsp;').$user["LOGIN"].'</td><td>'.$user["GROUP"].'</td><td>'.$user["DATE_CREATE"].'</td><td>'.$user["IP"].'</td></tr>';
		}
	}
	$panel='<div style="margin-top: 3px;" class="panel">' . $panel . "</table></div>";






	if($_SESSION["user"]["GROUP"]=="wheel") {


		$db = new sapi_vdb(ROOT_PATH . "usr/xml/users.xml");
		$users = $db->get_data();

		foreach ($users as $user) {
			$ugroups[$user["GROUP"]] = 1;
		}

		if($ugroups) {
			$select_i .= "<br /><input type=\"radio\" name=\"to_group\" value=\"\"> ".$lang["to_all"]."\n";
			foreach($ugroups as $key => $fetch) {
				$select_i .= "<br /><input type=\"radio\" name=\"to_group\" value=\"".$key."\"> ".$key." \n";
			}
		}

		if($_POST["maillist"]) {
			
			/*<!-- Inserting of personalized info */
			$_POST["maillist"] = preg_replace("/&amp;/is", "&", $_POST["maillist"]);
			preg_match_all("/&user\.(.*?)\.value;/is", $_POST["maillist"], $matches);
			if($matches[1]) {
				foreach($matches[1] as $fetch) {
					if(isset($user[strtoupper($fetch)])) $_POST["maillist"]= str_replace("&user.{$fetch}.value;", $user[strtoupper($fetch)], $_POST["maillist"]);
				}
			}
			/*-->*/
			foreach ($users as $user) {
				if($user["GROUP"]==$_POST["to_group"] OR !$_POST["to_group"]) {
					if( send_mail($user["EMAIL"], $GLOBALS["FEEDBACK_EMAIL"], "Mailist message from ".$env["http_path"], $_POST["maillist"], $env["default_charset"]) ) {
						if($user["LOGIN"]) $names .= "<li>".$user["LOGIN"]."(".$user["NAME"].")</li>";
					}

				}
			}
			$panel .= "<div align=\"center\" style=\"padding: 10px; margin: 10px; font-size: 12px; border: 1px solid black;\">The message was sent to following users:<ul>".$names."</ul></div>";


		}

		$type="qc";
		$name = "maillist";
		$attribs["title"] = $lang["YourMessage"];

		include($GLOBALS["root_path"]."usr/system/js/startup.js.php");
		$panel .= '
	<script>
	'.$add_js.'
	</script>
	<div style="padding: 10px;"><br /><b>'.$lang["Maillist"].'</b>
	<form action="?option=users" method="post" enctype="multipart/form-data" name="maillist_form" id="maillist_form" style="padding: 0px; margin: 0px; font-size: 90%;">
	'.($select_i?'
	'.$lang["select_maillistgroup"].' '.$select_i.'
	
	':'').'
	<textarea style="display: none;  padding-top: 0px; padding-bottom: 0px;" name="maillist" id="text_hlp">&nbsp;</textarea>
	</form>
	<br />
	';


		ob_start();
		include($GLOBALS["root_path"] . "usr/system/editor.php");
		$data=ob_get_contents();
		ob_end_clean();

		$panel .= $data;

		$panel .= '<br /><input name="send_mail" class="sapidcms_cont_btn" type="button" id="OK" style="cursor: pointer" onclick="document.getElementById(\'maillist\').value = area_maillist.innerHTML; document.getElementById(\'maillist_form\').submit();" value=" '.$lang["Send"].' "></div>';

	}
}
?>